1. Field of the Invention
The present invention relates to the field of data communication. More specifically, the present invention relates to techniques for managing secure virtual private networks over public or otherwise insecure data communication infrastructures.
2. Related Art
In recent years organizations have come to rely heavily on the ability to communicate data electronically between members of the organization. Such communications typically include electronic mail and file sharing or file transfer. In a centralized, single site organization, these communications are most commonly facilitated by a local area network (LAN) installed and operated by the enterprise.
Preventing unauthorized access to data traversing an enterprise's LAN is relatively straightforward. As long as intelligent network management is maintained, unauthorized accesses to data traversing an enterprise's internal LAN can be prevented. It is when the enterprise spans multiple sites that security threats from the outside become a considerable problem.
For distributed enterprises that want to communicate data electronically, several options exist today, but each has associated disadvantages. The first option is to interconnect the offices or various sites with dedicated, or private, communication connections often referred to as leased lines. This is the traditional method that organizations use to implement a wide area network (WAN). The disadvantages of implementing an enterprise-owned and controlled WAN are obvious: they are expensive, cumbersome and frequently underutilized if they are configured to handle the peak capacity requirements of the enterprise. The obvious advantage is that the lines are dedicated for use by the enterprise and are therefore reasonably secure from eavesdropping or tampering by intermediate third parties.
An alternative to dedicated communication lines is for an enterprise to handle inter-site data distributions over the emerging public network space. In recent years, the Internet has evolved from being primarily a tool for scientists and academics into an efficient mechanism for global communications. The Internet provides electronic communications paths between millions of computers by interconnecting the various networks upon which those computers reside. It has become commonplace, even routine, for enterprises, even those in non-technical fields, to provide Internet access to at least some portion of the computers within the enterprises. For many businesses this facilitates communications with customers and potential business partners as well as to geographically distributed members of the organization.
Distributed enterprises have found that the Internet is a convenient mechanism for providing electronic communications between members of the enterprise. For example, two remote sites within an enterprise may each connect to the Internet through a local Internet Service Provider (ISP). This enables the various members of the enterprise to communicate with other sites on the Internet, including those within their own organization. A large disadvantage of using the Internet for intra-enterprise communications is that the Internet is a public network. The route by which data communications travel from point to point can vary on a per-packet basis, and is essentially indeterminate. Furthermore, the data protocols for transmitting information over the constituent networks of the Internet are widely known, leaving electronic communications susceptible to interception and eavesdropping, with packets being replicated at most intermediate hops. An even greater concern is the fact that communications can be modified in transit or even initiated by impostors. With these disconcerting risks, most enterprises are unwilling to subject their proprietary and confidential internal communications to the exposure of the public network space. For many organizations it is common today not only to have Internet access provided at each site, but also to maintain the existing dedicated communications paths for internal enterprise communications, with all of the attendant disadvantages described above.
To remedy this problem, organizations have begun to build "virtual private networks" (VPNs) on top of public networks, such as the Internet, to protect data transmitted over public networks. Virtual private network systems often rely on virtual private network gateways, which reside on the WAN side of a routing apparatus to connect an enterprise site to the Internet. Thus, VPN gateways are in the path of all relevant data traffic between an enterprise site and the public network. To ensure secure data communications between members of the same VPN group, a VPN gateway implements a combination of techniques for data communication between members of the VPN group. These techniques include various combinations of compression, encryption and authentication, the rules for each of which may vary for members of different groups.
Managing a large number of VPN gateways, which are geographically distributed throughout a public network, can be a time-consuming and error-prone task. Each time a VPN is modified, VPN gateways must be reconfigured to reflect the modifications. This reconfiguration can be performed remotely across the public network from a central site. Hence, it is not necessary to physically travel to the remote site. Nevertheless, this process is time-consuming because each VPN gateway must presently be reconfigured with network address information specifying which communications are to be transmitted securely, and which ones are not.
For example, a VPN administrator receives a policy to implement, such as modifying a VPN. The administrator determines which groups of network nodes, and which VPN gateways, are involved in the policy. The VPN administrator then manually determines for each VPN gateway, what type of configuration information must be transmitted to the VPN gateway to implement the policy. This configuration information typically includes network address information. Finally, the configuration information must be explicitly propagated to the VPN gateways.
A VPN administrator must presently enter this configuration information manually, which can be a time-consuming task. Furthermore, it is very easy to make mistakes in translating a policy into network address specifications, and in entering the long strings of numbers that make up network address specifications. Such mistakes can cause improper configuration of network gateways, thereby potentially creating a security hole. Additionally, this configuration information is typically transmitted insecurely over the public network to the VPN gateways. Hence, this information can potentially be intercepted by third parties listening in on network traffic.
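The following is an added illustration, not part of the patent text, of the policy-to-configuration translation the preceding paragraphs describe: a group membership policy is turned mechanically into per-gateway address rules, every address string is parsed once so that a mistyped specification is rejected rather than silently becoming an incorrect rule, and a lookup shows which flows a given gateway would protect. All site names, addresses and group names are constructed sample values.

```python
import ipaddress

# Constructed sample policy (hypothetical): each site has one VPN gateway
# and the subnets behind it; a VPN group is a set of member sites.
SITES = {
    "hq":   {"gateway": "203.0.113.1",  "subnets": ["10.1.0.0/16"]},
    "east": {"gateway": "198.51.100.7", "subnets": ["10.2.0.0/16", "10.3.0.0/24"]},
    "west": {"gateway": "192.0.2.9",    "subnets": ["10.4.0.0/16"]},
}
GROUPS = {
    "engineering": ["hq", "east"],
    "finance":     ["hq", "west"],
}

def validate_sites(sites):
    """Parse every gateway address and subnet once. A typo such as a bad
    prefix length or host bits set in a network raises ValueError here,
    instead of producing a gateway rule that leaves traffic in the clear."""
    parsed = {}
    for name, site in sites.items():
        gw = ipaddress.ip_address(site["gateway"])
        nets = [ipaddress.ip_network(s, strict=True) for s in site["subnets"]]
        parsed[name] = (gw, nets)
    return parsed

def derive_gateway_rules(sites, groups):
    """For each gateway, derive the (local subnet, remote subnet, peer gateway,
    group) tuples that must be transmitted securely. Every pair of members
    in a group is expanded, so no pairing is overlooked by hand."""
    parsed = validate_sites(sites)
    rules = {name: set() for name in sites}
    for group, members in groups.items():
        for a in members:
            for b in members:
                if a == b:
                    continue
                _, nets_a = parsed[a]
                gw_b, nets_b = parsed[b]
                for local in nets_a:
                    for remote in nets_b:
                        rules[a].add((str(local), str(remote), str(gw_b), group))
    return {name: sorted(r) for name, r in rules.items()}

def is_protected(rules, site, src, dst):
    """Would this site's gateway protect a packet from src to dst?
    Anything not matching a derived rule is not a VPN flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(l) and d in ipaddress.ip_network(r)
               for l, r, _, _ in rules[site])
```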
What is needed is a system for managing VPN gateways in a VPN system that eliminates the time-consuming and error-prone task of manually reconfiguring VPN gateways to reflect changes to virtual private networks.